render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Source Code
GIT

Blame SOURCES/libvirt-security-dac-gfx-egl-headless-Relabel-the-DRI-device.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale libvirt-hyperscale-10.4.0 upgrade-hyperscale-libvirt
  1.   25aafcd906f87e2833d18c85071d9ee3858b03dd
  2.   SOURCES
  3.   libvirt-security-dac-gfx-egl-headless-Relabel-the-DRI-device.patch
Blob History Raw
99cbc7 
From 98189cd7e622bb89ee4916307c1287d97487233a Mon Sep 17 00:00:00 2001
99cbc7 
Message-Id: <98189cd7e622bb89ee4916307c1287d97487233a@dist-git>
99cbc7 
From: Erik Skultety <eskultet@redhat.com>
99cbc7 
Date: Tue, 9 Apr 2019 08:34:34 +0200
99cbc7 
Subject: [PATCH] security: dac: gfx: egl-headless: Relabel the DRI device
99cbc7 
MIME-Version: 1.0
99cbc7 
Content-Type: text/plain; charset=UTF-8
99cbc7 
Content-Transfer-Encoding: 8bit
99cbc7
99cbc7 
Just like for SPICE, we need to change the permissions on the DRI device
99cbc7 
used as the @rendernode for egl-headless graphics type.
99cbc7
99cbc7 
Signed-off-by: Erik Skultety <eskultet@redhat.com>
99cbc7 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
99cbc7 
(cherry picked from commit ae00e73cfe91b76849712fb7d928cfefef39a6eb)
99cbc7
99cbc7 
https://bugzilla.redhat.com/show_bug.cgi?id=1628892
99cbc7 
Signed-off-by: Erik Skultety <eskultet@redhat.com>
99cbc7
99cbc7 
 Conflicts:
99cbc7 
	src/security/security_dac.c
99cbc7 
            v4.7.0-58-g3ac7793ad1 was not backported
99cbc7 
Message-Id: <f564d1859c197fb7477e49ce801124e0cc2d506f.1554791287.git.eskultet@redhat.com>
99cbc7
99cbc7 
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
99cbc7 
---
99cbc7 
 src/security/security_dac.c | 15 +++++++--------
99cbc7 
 1 file changed, 7 insertions(+), 8 deletions(-)
99cbc7
99cbc7 
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
99cbc7 
index 74c70dd092..cc2ed10157 100644
99cbc7 
--- a/src/security/security_dac.c
99cbc7 
+++ b/src/security/security_dac.c
99cbc7 
@@ -1419,11 +1419,16 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
99cbc7 
                                virDomainGraphicsDefPtr gfx)
99cbc7
99cbc7 
 {
99cbc7 
+    const char *rendernode = virDomainGraphicsGetRenderNode(gfx);
99cbc7 
     virSecurityDACDataPtr priv = virSecurityManagerGetPrivateData(mgr);
99cbc7 
     virSecurityLabelDefPtr seclabel;
99cbc7 
     uid_t user;
99cbc7 
     gid_t group;
99cbc7
99cbc7 
+    /* There's nothing to relabel */
99cbc7 
+    if (!rendernode)
99cbc7 
+        return 0;
99cbc7 
+
99cbc7 
     /* Skip chowning the shared render file if namespaces are disabled */
99cbc7 
     if (!priv->mountNamespace)
99cbc7 
         return 0;
99cbc7 
@@ -1435,14 +1440,8 @@ virSecurityDACSetGraphicsLabel(virSecurityManagerPtr mgr,
99cbc7 
     if (virSecurityDACGetIds(seclabel, priv, &user, &group, NULL, NULL) < 0)
99cbc7 
         return -1;
99cbc7
99cbc7 
-    if (gfx->type == VIR_DOMAIN_GRAPHICS_TYPE_SPICE &&
99cbc7 
-        gfx->data.spice.gl == VIR_TRISTATE_BOOL_YES &&
99cbc7 
-        gfx->data.spice.rendernode) {
99cbc7 
-        if (virSecurityDACSetOwnership(priv, NULL,
99cbc7 
-                                       gfx->data.spice.rendernode,
99cbc7 
-                                       user, group) < 0)
99cbc7 
-            return -1;
99cbc7 
-    }
99cbc7 
+    if (virSecurityDACSetOwnership(priv, NULL, rendernode, user, group) < 0)
99cbc7 
+        return -1;
99cbc7
99cbc7 
     return 0;
99cbc7 
 }
99cbc7 
--
99cbc7 
2.21.0
99cbc7

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation